
Other
In this webinar, Morgan Hein discusses a new open source tool, EnVisen, which lets you view the exported symbols and ROP gadget surface area of your binaries in a visually rich and purposeful way, directly within your browser. It can even compare binaries to visualize common attackable surface area and score your zero-day vulnerability risk with built-in entropy evaluation.
Whitepaper
CA API Gateway enables new programs to transfer information between security domains through legacy high-assurance guards.
Publication
Tripwire's integrated suite of products builds on their core capabilities to deliver critical capabilities for breach detection and remediation, and addresses nearly every compliance standard—PCI DSS, NIST, FISMA, NERC, HIPAA, ISO/IEC 27002, DISA, SOX, and many others.
Publication
When a high-profile cyberattack grabs the headlines, your first instinct may be to funnel resources into purchasing a shiny new tool to defend your organization. But often, that’s not what’s really needed.
Publication
Tripwire solutions have a history with government agencies, offering an 'ironclad defense,' or foundation for a layered compliance and security strategy.
Publication
Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the internet and other networks for business, operations and research. Information about citizens, banking and finance, research and development, and many other federally connected systems transmit data outside the federal networks—and their security compliance standards. So it makes sense that FISMA would adapt to address more than the original scope of perceived threats and specifically address the systems and data security that inter-agency networks, vendors, contracts and supply chains put at risk.
Whitepaper
Security and compliance remain at the forefront of concerns facing security leaders today. Tackling the challenge of finding and addressing risks in the enterprise while demonstrating compliance with increasingly demanding regulations requires the maturity and discipline to adopt and follow a complete security risk and compliance lifecycle.
Whitepaper
Year after year, investigations performed after breaches and other security incidents reveal that the majority of security incidents occur because well-known security controls and practices were not implemented or were not working as organizations had assumed. And the major problem in cyber security remains a lack of defined and repeatable processes for selecting, implementing and monitoring the security controls that are most effective against real-world threats.
Whitepaper
Insider cybersecurity threats are much more prevalent than most of us realize. IBM estimates that 60% of all cyberattacks are perpetrated by those with insider access; McAfee cites enterprise insiders as a major source of Personally Identifiable Information (PII) sold on the dark web, particularly in the healthcare industry; and at least two-thirds of major corporations reported insider threat incidents in 2016, ranging from file theft and destruction to selling passwords and deliberately sabotaging critical systems. Over 40% of U.S. government agencies report such incidents every year. It's a serious—yet incredibly overlooked—risk.
eBook
APIs are not necessarily a new technology, but in today's digital world, they have risen in prominence and become important to every facet of the enterprise. This in turn has increased the demand for effective API management. But what does an effective solution look like?
Whitepaper
The security industry is now starting to embrace the notion of cyber resiliency. A resilient system is one in which vulnerabilities are assumed, but whose defenses are designed so that the system can continue to operate safely and reliably. One technique that enables system resiliency is Moving Target Defense.
Publication
Today's cybersecurity solutions are often complicated and expensive, requiring companies to invest copious time and resources into securing their business. While each solution claims to be the "silver bullet" that will solve the security problem, each solution has failed to do so. Instead of building complex tools that attempt to constrain DevOps systems, Polyverse creates simple and intrinsic protections that work with innovation, not against it.
Data Sheet
With Polyverse Polymorphic Linux, deployment is simple, taking less than 5 minutes for protection by a uniquely randomized set of binaries.
Publication
In 2017, Rapid7 launched the “Under the Hoodie” project to demystify the practice of penetration testing by surveying those who are in the field and conducting the investigations on what they most commonly see during client engagements. We have renewed this approach in 2018 to continue providing visibility into this often occult niche of information security.
